Date: Fri, 19 Jan 2001 23:27:18 -0500 From: Chris Faulhaber <jedgar@fxp.org> To: Kris Kennaway <kris@FreeBSD.ORG> Cc: freebsd-audit@FreeBSD.ORG Subject: Re: mktemp(1) usage Message-ID: <20010119232718.A54822@earth.causticlabs.com> In-Reply-To: <20001212181322.C10901@citusc.usc.edu>; from kris@FreeBSD.ORG on Tue, Dec 12, 2000 at 06:13:22PM -0800 References: <20001209171334.J671@puck.firepipe.net> <20001209150853.A57045@peitho.fxp.org> <20001209171334.J671@puck.firepipe.net> <200012100529.WAA26442@harmony.village.org> <20001212180805.B10901@citusc.usc.edu> <20001212181322.C10901@citusc.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 12, 2000 at 06:13:22PM -0800, Kris Kennaway wrote: > On Tue, Dec 12, 2000 at 06:08:05PM -0800, Kris Kennaway wrote: > > On Sat, Dec 09, 2000 at 10:29:50PM -0700, Warner Losh wrote: > > > In message <20001209171334.J671@puck.firepipe.net> Will Andrews writes: > > > : On Sat, Dec 09, 2000 at 03:08:54PM -0500, Chris Faulhaber wrote: > > > : > Would it be more appropriate for scripts such as periodic(8) to > > > : > call mktemp(1) using the -t flag. In addition to using TMPDIR, > > > : > this allows the use of the system's _PATH_TMP instead of > > > : > hardcoding /tmp. > > > : > > > : Maybe that method doesn't use a random enough number to avoid file > > > : races? > > > > > > If it doesn't, then maybe it should, don't you think. But I think it > > > does. We're looking at 8 X's. It would also be a good place to bump > > > it to 10 if we needed to, say. > > > > No need - with the old method of mktemp() encoding you needed more > > than 6 X's to be secure, but with the new dense encoding even 6 is > > fine. Moreover, mktemp(1) is actually mkstemp(1), so there was never > > any problem with it unless you use -u. > > Forgot to mention that the new mktemp() hasn't yet been MFC'ed - it's > in my merge folder but I didn't get time to do it before I left the > US. That should be done before merging any patches which reduce the > number of X's in use. > Any chance this can be MFC'd? -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010119232718.A54822>